Software Integrity Blog

Archive for the 'Agile, CI/CD & DevOps' Category

 

What AppSec tools are in your DevOps toolshed?

AppSec tools are essential to creating secure applications and preventing data breach. But how do you integrate them effectively into your DevOps workflow?

Continue Reading...

Posted in Agile, CI/CD & DevOps | Comments Off on What AppSec tools are in your DevOps toolshed?

 

Want to secure your apps? Build security in with the right toolchain

Having the right application security toolchain is the most effective way to build security in, which is critical to securing modern apps against attacks.

Continue Reading...

Posted in Agile, CI/CD & DevOps, Software Architecture and Design | Comments Off on Want to secure your apps? Build security in with the right toolchain

 

Tanya Janca at RSA on better AppSec: Play nice with DevOps

The DevOps and security relationship is often tense—but does it have to be? At RSA 2019, Tanya Janca explained how teams can play nice, and why they ought to.

Continue Reading...

Posted in Agile, CI/CD & DevOps | Comments Off on Tanya Janca at RSA on better AppSec: Play nice with DevOps

 

How to “shift left” with application security tools, and how not to

Organizations are starting to shift left to save time and money. But it’s critical they choose the right application security tools to support developers.

Continue Reading...

Posted in Agile, CI/CD & DevOps | Comments Off on How to “shift left” with application security tools, and how not to

 

Hacking Security Episode 4: DevSecOps with Meera Rao

Hacking Security is a monthly podcast on emerging trends in application security. In Episode 4, secure development expert Meera Rao discusses DevSecOps.

Continue Reading...

Posted in Agile, CI/CD & DevOps, Developer Enablement, General | Comments Off on Hacking Security Episode 4: DevSecOps with Meera Rao

 

Automation: One of the keys to DevSecOps

Automation is one of the keys to consistent and meaningful AppSec adoption in an evolving world. Many organizations have taken the first step in integrating their development and operations teams to drive more efficient delivery of applications and innovation to the market. They have come a long way by aligning around the shared goal of delivering stable, high-quality software quickly. One way they are achieving these efficiencies is through automation. Automation in DevOps By automating manual processes and building tools into continuous integration and continuous delivery (CI/CD) pipelines, development and operations teams have increased workflow efficiencies and trust between groups, which is essential as these once-disparate teams now merge to tackle critical issues as a single new team. We see the use and expansion of automation in the integration of tools such as GitLab for version control, Jenkins for CI, Jira for defect tracking, and Docker for container integration within toolchains. These tools work together to create a cohesive automated environment designed to allow organizations to focus on delivering higher-quality innovation faster to the market. Automation in DevSecOps Organizations are also realizing there is value in applying and sharing the value of automation by incorporating security principles earlier in the software development life cycle (SDLC). This creates shorter feedback loops and decreases friction, which allows engineers to detect and fix security and compliance issues faster and more naturally as part of software development workflows.

Continue Reading...

Posted in Agile, CI/CD & DevOps, Maturity Model (BSIMM) | Comments Off on Automation: One of the keys to DevSecOps

 

Webinar: Cloud DevSecOps with Synopsys and AWS

In our on-demand webinar with Binoy Das (AWS) and Dave Meurer (Synopsys), you’ll learn how to manage security in your cloud DevSecOps processes with automation.

Continue Reading...

Posted in Agile, CI/CD & DevOps, Cloud Security, General, Webinars | Comments Off on Webinar: Cloud DevSecOps with Synopsys and AWS

 

Webinar: Static analysis helps DevOps teams maintain velocity securely

In our on-demand webinar with Meera Rao (Synopsys), you’ll learn how to integrate SAST into DevOps using automation to find issues early in the SDLC and support DevOps velocity.

Continue Reading...

Posted in Agile, CI/CD & DevOps, General, Static Analysis (SAST), Webinars | Comments Off on Webinar: Static analysis helps DevOps teams maintain velocity securely

 

Webinar: Using Security Champions to build a DevSecOps culture within your organization

In our on-demand webinar with Brendan Sheairs (Synopsys), you’ll learn about the fundamentals and challenges of building a Security Champions program to transform DevOps into DevSecOps.

Continue Reading...

Posted in Agile, CI/CD & DevOps, General, Security Training, Webinars | Comments Off on Webinar: Using Security Champions to build a DevSecOps culture within your organization

 

The intersection between IAST and SCA and why you need both in your security toolkit

Interactive application security testing (IAST) and software composition analysis (SCA) are powerful technologies—and you need both in your security toolkit.

Continue Reading...

Posted in Agile, CI/CD & DevOps, Interactive Application Security Testing (IAST), Software Composition Analysis | Comments Off on The intersection between IAST and SCA and why you need both in your security toolkit